Merge pull request #479 from NodeSecure/oidc-publish

feat: publish package using NPM OIDC trusted publisher

Author: fraxken

.github/workflows/publish.yml

@@ -0,0 +1,29 @@
+name: Publish Package
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        with:
+          node-version: '24.x'
+          registry-url: 'https://registry.npmjs.org'
+
+      # Ensure npm 11.5.1 or later is installed
+      - name: Update npm
+        run: npm install -g npm@latest
+      - run: npm install --ignore-scripts
+      - run: npm run build --if-present
+      - run: npm test
+      - run: npm publish

package.json

@@ -24,6 +24,11 @@
     "preview:dark": "node --no-warnings ./scripts/preview.ts --theme dark",
     "prepublishOnly": "npm run build"
   },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public",
+    "provenance": true
+  },
   "files": [
     "dist"
   ],